mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 03:30:45 +00:00
Code Issues Wiki Activity
343003 commits 266 branches 124 tags 6 GiB
Commit graph

19477 commits

Author SHA1 Message Date
1000teslas 9c478c1995 nixos/xrdp: add confDir option 2021-12-10 00:56:21 +11:00
Janne Heß 6807628791
nixos/switch-to-configuraton: Add details about sockets 2021-12-09 13:51:18 +01:00
Andreas Rammhold 6e69e537ff
Merge pull request #145183 from veehaitch/networkd-DHCPServerStaticLease 
nixos/networkd: add `dhcpServerStaticLeaseConfig` option
 2021-12-09 12:57:46 +01:00
Janne Heß 7b5fb05a0d
nixos/pam: Type all limit options 2021-12-09 12:48:02 +01:00
Janne Heß 2024306048
nixos/switch-to-configuration: Restart non-services 2021-12-09 12:31:48 +01:00
Janne Heß 393c721849
nixos/switch-to-configuration: Move handleModifiedUnit into a sub 2021-12-09 11:31:59 +01:00
adisbladis 273018e39a
Merge pull request #149769 from qowoz/podman-sort 
nixos/podman: sort files into directories
 2021-12-09 18:41:50 +12:00
Aaron Andersen ffa3ebb1f7
Merge pull request #149624 from dali99/fix_dokuwiki_php 
nixos/dokuwiki: Use php74 for the phpfpm pool
 2021-12-08 22:21:25 -05:00
zowoq 79e66fce1c nixos/podman: sort files into directories 
Makes codeowners, git history, etc. a bit simpler now that podman has expanded beyond the original single file module and test.
 2021-12-09 13:03:16 +10:00
pennae e67a646a92 treewide: add defaultText to remaining options 
these are mostly options that use alias bindings, bindings to constants,
or bindings to calculated values.
 2021-12-09 01:42:24 +01:00
pennae 1f960e7571 nixos/captive-browser: add defaultText for browser 
easiest way to do this is to move the default expression out and
abstract over what is substituted into it, using a dependent value for
the default and a descriptive value for defaultText
 2021-12-09 01:42:24 +01:00
pennae 0eaf46a1dc nixos/system-path: add defaultText for defaultPackages 2021-12-09 01:42:24 +01:00
pennae 1060fefae3 nixos/tarsnap, nixos/neo4j: defaultText for submodule options 
unfortunately we don't have a good way to represent defaults that
reference other values of the current submodule, so we just use the
relative path of the referenced value and assume that the submodule was
declared as `rec`.
 2021-12-09 01:42:24 +01:00
pennae 9407761763 treewide: add defaultText for options using other shortcut bindings 2021-12-09 01:42:24 +01:00
pennae 3226c5aded nixos/hbase: refactor settings option 
instead of keeping a defaultConfig value around, set that value as the
default of the option and explicitly use the option default instead.
this also allows us to write a defaultText that makes sense and is in
proximity to the definition of the default.
 2021-12-09 01:38:24 +01:00
pennae 2d564521c0 treewide: add literalDocBook text to options with complex defaults 
some options have default that are best described in prose, such as
defaults that depend on the system stateVersion, defaults that are
derivations specific to the surrounding context, or those where the
expression is much longer and harder to understand than a simple text
snippet.
 2021-12-09 01:38:24 +01:00
pennae 6eaf4f90c2 nixos/mpdscribble: add defaultText for some options using mpdCfg 2021-12-09 01:38:24 +01:00
pennae b9950385e5 treewide: make option examples constant 
escape interpolations in examples, or replace them where they are not
useful.
 2021-12-09 01:38:24 +01:00
pennae e72435e612 treewide: make option descriptions constants 
escape interpolations in descriptions where possible, replace them with
sufficiently descriptive text elsewhere. also expand cfg.* paths in
descriptions.
 2021-12-09 01:21:04 +01:00
pennae ed673a69db treewide: add defaultText for options with simple cfg.* expression defaults 
adds defaultText for options with defaults that use only literals, full config.*
paths, and the cfg shortcut binding.
 2021-12-09 01:14:16 +01:00
pennae fb0e5be843 treewide: add defaultText for options with simple interpolation defaults 
adds defaultText for all options that use `cfg.*` values in their
defaults, but only for interpolations with no extra processing (other
than toString where necessary)
 2021-12-09 01:13:48 +01:00
pennae f6d0b014fe nixos/kubernetes: add defaultText for addons options using top.* 
the kubernetes modules cross-reference their config using an additional shortcut
binding `top = config.services.kubernetes`, expand those to defaultText like
`cfg` previously.
 2021-12-09 01:13:12 +01:00
pennae e24a8775a8 treewide: set defaultText for options using simple path defaults 
adds defaultText for all options that set their default to a path expression
using the ubiquitous `cfg` shortcut bindings.
 2021-12-09 01:12:13 +01:00
Florian Klink fec4daf38d
Merge pull request #149342 from helsinki-systems/feat/restart-systemd-on-systemconf-change 
nixos/switch-to-configuration: Restart systemd when system.conf is changed
 2021-12-08 23:23:04 +01:00
lunik1 1f0bbdb6fc
nixos/adguardhome: remove syslog.target from service 2021-12-08 22:18:25 +00:00
Jelle Besseling f226901f7f
eternal-terminal: remove syslog.target from service 2021-12-08 22:48:20 +01:00
pennae 70b105d1d0 nixos/journalbeat: remove support for versions < 6 
nixos no longer ships journalbeat 5 and hasn't since at least 20.09. remove
checks for older versions from the module.
 2021-12-08 21:41:18 +01:00
squalus c3ab9e6d40 nixos/prometheus-nginx-exporter: fix argument syntax 
Arguments were being ignored because the program expects an equals sign
to separate the argument name from the value.

Documented in https://github.com/nginxinc/nginx-prometheus-exporter/issues/153

Fixes #107541
 2021-12-08 11:32:13 -08:00
Daniel Olsen 1681c0b49e nixos/dokuwiki: Use php74 for the phpfpm pool 
php8 does not work and is not supported
 2021-12-08 20:22:12 +01:00
Jan Tojnar bcb4b714bd Revert "nixos: make GIO_EXTRA_MODULES a session variable" 
This reverts commit abfcb79abf.

Fixes: https://github.com/NixOS/nixpkgs/issues/149539
 2021-12-08 19:54:18 +01:00
Kim Lindberger 9bf94de535
Merge pull request #147506 from talyz/discourse-2.8.0.beta8 
discourse: 2.7.9 -> 2.8.0.beta9
 2021-12-08 18:15:48 +01:00
Jörg Thalheim 2320324826
Merge pull request #149415 from helsinki-systems/feat/more-types 
nixos: Type some more options
 2021-12-08 15:37:36 +00:00
Jörg Thalheim 01ed14a53c
Merge pull request #149416 from helsinki-systems/feat/type-dysnomia-options 
nixos/dysnomia: Type all options
 2021-12-08 15:36:17 +00:00
ajs124 eee45bb295
Merge pull request #146815 from ElvishJerricco/systemd-utils-expressions 
Move systemd-lib.nix and systemd-unit-options.nix into utils
 2021-12-08 15:07:28 +00:00
Jörg Thalheim 0b698e4af5
Merge pull request #149587 from davidkna/patch-1 
nixos/snapraid: fix evaluation
 2021-12-08 14:58:53 +00:00
Janne Heß e36ceb65e6
Merge pull request #129449 from ddz/copy-initrd-secrets-after-early-mount-script 
nixos/stage1: copy initrd secrets into place after special mounts
 2021-12-08 15:38:02 +01:00
José Romildo 24a4815693 xfce: add maintainers team 2021-12-08 11:34:00 -03:00
David Knaack 28db2a481d
nixos/snapraid: fix evaluation 
Use string concatenation operator (`+`) instead of incorrect list concatenation operator (`++`)
 2021-12-08 11:10:02 +01:00
Janne Heß 9cdda88bb5
nixos/pcmcia: Type the last option 2021-12-08 11:02:34 +01:00
Patrick Hilhorst 29671bc365
Merge pull request #137260 from onny/maddy 2021-12-08 00:00:13 +01:00
Jonas Heinrich ecd88f91a0
nixos/maddy: Add module for maddy 
Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
 2021-12-07 22:58:22 +01:00
Aaron Andersen 7f6f59e43c
Merge pull request #147324 from ju1m/transmission 
nixos/transmission: disable downloadDirPermissions by default
 2021-12-07 16:46:50 -05:00
Sandro e1f9dbf673
Merge pull request #139815 from ncfavier/fastcgiParams-path 2021-12-07 20:38:55 +01:00
Bjørn Forsman 8eb814e964 Revert "nixos/ddclient: fix permission for ddclient.conf (#148179)" 
This reverts commit 6af3d13bec.

Reported by @arcnmx
(https://github.com/NixOS/nixpkgs/pull/148179#issuecomment-987197656):

  Does this not completely break the service? It doesn't change the
  owner to the same as the ddclient server (which is somewhat difficult
  due to it being a DynamicUser), so this now makes the service
  completely unusable because the config is only readable by its owner,
  root:

    ddclient[871397]: WARNING:  file /run/ddclient/ddclient.conf: Cannot open file '/run/ddclient/ddclient.conf'. (Permission denied)

  Given that the RuntimeDirectory was only readable by the ddclient
  service, the warning this PR fixes was spurious and not indicative of
  an actual information leak. I'm not sure of what a quick fix would be
  due to DynamicUser, but would at least request a revert of this so the
  service can work again?
 2021-12-07 19:44:20 +01:00
Janne Heß fd6a2f3279
Merge pull request #149280 from netixx/fix-freeradius 
freeradius: fix radius user
 2021-12-07 19:35:38 +01:00
Janne Heß e14d34f80f
nixos/dysnomia: Type all options 2021-12-07 18:53:18 +01:00
Janne Heß 5015aeab6f
nixos/xmonad: Type the last option 2021-12-07 18:36:11 +01:00
Janne Heß 4cba5de303
nixos/hoogle: Type the last option 2021-12-07 18:36:01 +01:00
Silvan Mosberger 490d46f044
Merge pull request #148315 from hercules-ci/nixos-evalModules-legacy-cleanup 
NixOS/evalModules legacy cleanup
 2021-12-07 18:30:52 +01:00
Finn Behrens 673ad7eb36
nixos/pleroma: create cookie if not existing (#149368) 2021-12-07 17:32:55 +01:00
Matthew Leach 5ce7061945 nixos/networking: add options for configuring a GRE tunnel 
Add `networking.greTunnels` option that allows a GRE tunnel to be
configured in NixOS.
 2021-12-07 15:44:00 +00:00
Janne Heß 1f41365cda
nixos/switch-to-configuration: Restart systemd when system.conf is changed 2021-12-07 14:32:19 +01:00
Janne Heß e37aab2130
nixos/acme: Allow disabling bash tracing 
This is horrible if you want to debug failures that happened during
system switches but your 30-ish acme clients spam the log with the same
messages over and over again.
 2021-12-07 14:17:56 +01:00
Bernardo Meurer ebb7f07eec
Merge pull request #148751 from NixOS/feat/slight-stc-improvements 
nixos/switch-to-configuration: Add small improvements
 2021-12-07 02:38:26 -08:00
Yuka ce54a4f658
nixos/networkd: add RoutingPolicyRule Type option (#146168) 2021-12-07 10:13:22 +01:00
Netix (Espinet François) 9d7ce57da5 freeradius: fix radius user 
We now must choose either system or normal user when creating a user
 2021-12-07 08:51:57 +01:00
Martin Weinelt 1d1b09c7c1
Merge pull request #148752 from sweber83/sw/zigbee2mqtt-1.22.1 2021-12-06 22:54:42 +01:00
Maximilian Bosch c959de5b30
Merge pull request #148360 from helsinki-systems/drop/pg96 
postgresql_9_6: drop
 2021-12-06 21:57:05 +01:00
Martin Weinelt 96d69e40f2 nixos/zigbee2mqtt: run as zigbee2mqtt group 
Not setting a group is a security defect, since that will run the unit
under the root group.

Fixes: 1af87596 ("nixos/zigbee2mqtt: init")
 2021-12-06 18:30:01 +01:00
Simon Weber 200c36255f nixos/zigbee2mqtt: no longer pass dataDir to package 2021-12-06 18:28:59 +01:00
Jan Tojnar 75eaab3757
Merge pull request #126832 from ncfavier/gio-extra-modules 
nixos: make GIO_EXTRA_MODULES a session variable
 2021-12-06 16:23:48 +01:00
Artturi 779a657e37
Merge pull request #148649 from Artturin/sgxgid 
nixos: add sgx group with gid 304
 2021-12-06 17:05:00 +02:00
talyz 125bb7dac1
discourse: Don't patch the public path 
Instead of patching the path to /public in Discourse's sources, make
the nginx configuration refer to the symlink in the discourse
package which points to the real path.

When there is a mismatch between the path nginx serves and the path
Discourse thinks it serves, we can run into issues like files not
being served - at least when sendfile requests from the ruby app are
processed by nginx. The issue I ran into most recently is that backup
downloads don't work.

Since Discourse refers to the public directory relative to the Rails
root in many places, it's much easier to just sync this path to the
nginx configuration than trying to patch all occurrences in the
sources. This should hopefully mean less potential for breakage in
future Discourse releases, too.
 2021-12-06 14:21:39 +01:00
Jörg Thalheim c7fa870f5a
Merge pull request #148535 from martinetd/bpf 
bpf update: bcc remove linux kernel dep + devendor libbpf again, bpftrace 0.13.0 -> 0.14.0 + remove kernel dep, pahole 1.20 -> 1.22 + remove submodule, libbpf revert 0.6.0 -> 0.5.0 (unusable)
 2021-12-06 08:33:14 +00:00
Robert Hensing 862d167f17
Merge pull request #147441 from pennae/option-doc-staticizing 
nixos/*: add trivial defaultText to options where applicable
 2021-12-06 01:35:38 +01:00
pennae c694c35f9d nixos/*: escape pkgs reference in examples and descriptions 2021-12-06 00:38:05 +01:00
Janne Heß b30d619368
nixos/top-level: Check syntax of switch-to-configuration 2021-12-05 18:54:36 +01:00
Janne Heß 6f1e0dc34f
nixos/switch-to-configuration: Move excludes up 2021-12-05 18:54:19 +01:00
Janne Heß 5d34545954
nixos/switch-to-configuration: Ignore scopes 2021-12-05 18:47:35 +01:00
Janne Heß 1e422e7d58
nixos/switch-to-configuration: Fix dry order 
This makes the order of the dry activation messages the same as the real
actions which makes more sense than another random order.
 2021-12-05 18:46:50 +01:00
Janne Heß 3693e8b093
nixos/switch-to-configuration: Clean perl code 
oct() is recommended by perlcritic and the rest was unused.
 2021-12-05 18:45:44 +01:00
Janne Heß 50a0f33c2a
nixos/switch-to-configuration: Remove unnecessary TODOs 
The first one doesn't make any sense because the directory where the
init binary resides does not contain other tools we need like
systemd-escape.

The second one doesn't make sense either because the errors are already
ignored.
 2021-12-05 18:43:42 +01:00
Jörg Thalheim 8ae2771224
Merge pull request #148729 from bjornfor/add-missing-collectd-group-v2 
nixos/collectd: add missing group
 2021-12-05 17:18:55 +00:00
Ryan Mulligan 542e917e99
Merge pull request #148061 from astro/drbd_upstream 
drbd: update, fix, add test
 2021-12-05 09:10:22 -08:00
Bjørn Forsman 05bc708a7f nixos/collectd: add missing group 
While upgrading my NixOS system I was greeted by this error:

  error:
  Failed assertions:
  - users.users.collectd.group is unset. This used to default to
  nogroup, but this is unsafe. For example you can create a group
  for this user with:
  users.users.collectd.group = "collectd";
  users.groups.collectd = {};

Let's fix it.
 2021-12-05 17:17:12 +01:00
Bobby Rong af6071db60
Merge pull request #148415 from erictapen/borgbackup 
Revert "nixos/borgbackup: specify systemd WorkingDirectory"
 2021-12-05 18:02:49 +08:00
Martin Weinelt 0c008f9c0d
Merge pull request #147056 from mweinelt/smartctl-exporter 2021-12-05 03:00:48 +01:00
Bobby Rong 894fb34b23
Merge pull request #148159 from bobby285271/pantheon 
pantheon.extra-elementary-contracts: split package
 2021-12-05 09:56:34 +08:00
Martin Weinelt d94cec6ead
Merge pull request #148543 from mweinelt/knot-hardening 2021-12-05 02:44:28 +01:00
Sean Heath 6af3d13bec
nixos/ddclient: fix permission for ddclient.conf (#148179) 2021-12-05 02:07:42 +01:00
Artturin fc4df13e26 nixos: add sgx group with gid 304 
fix Unknown group 'sgx', ignoring message from udev
 2021-12-05 01:37:43 +02:00
Artturi 493d66a225
Merge pull request #145732 from gardspirito/mx-puppet-discord 2021-12-04 23:12:09 +02:00
Samuel Dionne-Riel b976947ede
Merge pull request #121345 from samueldr/feature/plasma-mobile 
Add support for Plasma Mobile
 2021-12-04 15:37:26 -05:00
Martin Weinelt 67f102d8d8
nixos/knot: update systemd hardening 2021-12-04 16:53:31 +01:00
Felix Schröter d6a4500f88 nixos/ddclient: support all special characters in password 2021-12-04 16:28:31 +01:00
Maximilian Bosch 5ffc828912
Merge pull request #148301 from Kranzes/nextcloud 
nextcloud23: init at 23.0.0
 2021-12-04 14:54:25 +01:00
Dominique Martinet efe6967e93 bcc: move from linux-kernels packages to normal packages 
bcc doesn't really need kernel itself, it just cares about module path.

It's actually better to use /run/booted-system/kernel-modules/lib/modules
for two reasons:
 - no need to rebuild bcc for each new kernel
 - can use a newer bcc with a booted kernel that doesn't match the current
   system
 2021-12-04 21:07:09 +09:00
Maciej Krüger ca82a582d9
nixos/rtsp-simple-server: init 2021-12-04 12:58:36 +01:00
Tristan 7f6a2d5663 oci-containers: fix imageFile example 2021-12-04 10:23:58 +01:00
Samuel Dionne-Riel 2f12f30f00 nixos/plasma5: Split common Plasma config for Mobile from Desktop 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 7f4324c64e nixos/plasma5: Add suggested plasma mobile apps 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 7df34e1145 nixos/plasma5: configuration for plasma mobile 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 13a03fb289 nixos/plasma5: Add maliit-keyboard to plasma mobile session 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel b41923c1ca nixos/plasma5: configuration for plasma mobile 2021-12-03 20:17:04 -05:00
Tyler Slabinski da6a39436b nixos/plasma5: Add mobile.enable option for plasma 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel fde4f481d9 nixos/plasma5: Make kwinrc/kdeglobals internally configurable 
This is used with the Plasma Mobile configuration to configure the
system as upstream recommends.
 2021-12-03 20:17:04 -05:00
Niklas Hambüchen 6c9f46d063
Merge pull request #148389 from GTrunSec/consul 
nixos/consul: update deprecated setting
 2021-12-03 21:53:10 +01:00
Martin Weinelt 42ae887b23
Merge pull request #148471 from Ma27/postfix-exporter-hardening 2021-12-03 20:26:10 +01:00
Maximilian Bosch 8e6d403e65
nixos/prometheus-postfix-exporter: whitelist addr-family AF_UNIX 
Otherwise, `postfix_up{path="/var/lib/postfix/queue/public/showq"}` will
always be `0` indicating an postfix outage because this is a unix domain
socket that cannot be connected to:

    2021/12/03 14:50:46 Failed to scrape showq socket: dial unix /var/lib/postfix/queue/public/showq: socket: address family not supported by protocol
 2021-12-03 19:01:19 +01:00
Jörg Thalheim 4f08634a18
Merge pull request #148458 from lunik1/snapraid-fix 
nixos/snapraid: relax permissions of snapraid-sync
 2021-12-03 17:59:37 +00:00
Jörg Thalheim 99c916dd8e
Merge pull request #148201 from Artturin/nixservesecret 
nix-serve: fix NIX_SECRET_KEY_FILE
 2021-12-03 17:50:27 +00:00
GTrunSec 8e92c6c510
nixos/consul: update deprecated webUi 2021-12-03 09:46:24 -08:00
Artturi 7ca9a14f7d
Merge pull request #148382 from Artturin/lightdmtmpfile 2021-12-03 19:31:06 +02:00
lunik1 6073b099d0
nixos/snapraid: relax permissions of snapraid-sync 
Remove PrivateDevices to silence warning about SnapRAID being
unable to access disk UUIDs.

Add CAP_FOWNER when touch is enabled so file time stamps can be
set.
 2021-12-03 15:55:27 +00:00
Maciej Krüger aac7065c8d
Merge pull request #148108 from mkg20001/lxdimageserver 2021-12-03 16:06:21 +01:00
Maciej Krüger 79f6a3147f
Merge pull request #147365 from FlorianFranzen/waydroid/psi-default 2021-12-03 14:58:31 +01:00
Florian Franzen 64a0cf0df2
nixos/waydroid: enable kernel psi interface if required 2021-12-03 13:04:17 +01:00
Kerstin Humm ac8a9c3f03
Revert "nixos/borgbackup: specify systemd WorkingDirectory" 
This reverts commit 62ab77a322.

This broke nixosTests.borgbackup:
https://github.com/NixOS/nixpkgs/pull/143995#issuecomment-985136152
 2021-12-03 12:21:13 +01:00
kyren c23851c47e Fix shairport-sync module to create and set an explicit group 2021-12-03 03:16:03 -05:00
Artturin ebbfccf8a0 nixos/lightdm: fix tmpfile by changing 0 to - 
Closes https://github.com/NixOS/nixpkgs/issues/116631
 2021-12-03 06:22:21 +02:00
ajs124 757dd008b2 postgresql_9_6: drop 2021-12-03 01:14:29 +01:00
ajs124 559552ea19
Merge pull request #145695 from mohe2015/step-ca-tests 
nixos/tests: add step-ca test
 2021-12-03 00:54:10 +01:00
pennae 3e9c5fc8ca nixos/*: escape config reference in examples and descriptions 2021-12-02 22:35:05 +01:00
pennae 2512455639 nixos/*: add trivial defaultText for options with simple defaults 2021-12-02 22:35:04 +01:00
Aaron Andersen ac573f3975
Merge pull request #148049 from hexagonal-sun/shairport-firewall-rules 
nixos/shairport-sync: add firewall rules
 2021-12-02 15:21:28 -05:00
Matthew Leach ea90c516e7 nixos/shairport-sync: add firewall rules 
Add an option to automatically open the firewall for shairport.
 2021-12-02 19:24:50 +00:00
Ilan Joselevich c0f4b20db7 nextcloud23: init at 23.0.0 2021-12-02 20:53:21 +02:00
Robert Hensing 1a223857ab nixos/documentation: Use new extendModules instead of legacy args 2021-12-02 18:23:43 +00:00
AmineChikhaoui fa06cf556e ec2-amis: add release 21.11 2021-12-02 11:01:47 -05:00
Artturin 2fb77151e8 nix-serve: fix NIX_SECRET_KEY_FILE 2021-12-02 17:45:50 +02:00
talyz ab042d6452
discourse.plugins: Update all plugins to their latest versions 
Also, add support for updating plugins which keep gem versions in
files at the root of the repo (discourse-prometheus) and replace the
`up-plugin.sh` script with a README file pointing to the plugin
packaging documentation.
 2021-12-02 10:43:14 +01:00
talyz e2415dbb8f
discourse: 2.7.9 -> 2.8.0.beta9 
Update to the latest beta, since upstream advocates for it. See
https://github.com/NixOS/nixpkgs/issues/146308 for more info.
 2021-12-02 10:31:00 +01:00
Michele Guerini Rocco 9342984bde
Merge pull request #148160 from bb2020/transmission 
nixos/transmission: adjust message-level enum
 2021-12-01 21:28:16 +01:00
Martin Weinelt 0804405afb
Merge pull request #148086 from mweinelt/hass-consider-extracomponents 2021-12-01 19:43:33 +01:00
Vincent Haupert 3cf9508c72 nixos/github-runner: refactor tokens handling 
This commit changes how we deal with the current token, i.e., the token
which may exist from a previous runner registration, and the configured
token, i.e., the path set for the respective NixOS configuration option.

Until now, we copied the configured and the current token (if any) to
the runtime directory to compare them. The path of the current token may
reference a file which is only accessible to specific users (even only
root). Therefore, we ran the copying of credentials with elevated
privileges by prefixing the `ExecStartPre=` script with a `+` (see
systemd.service(5)). In this script, we also changed the owner of the
files to the service user. Apparently, however, the user/group pair
sometimes did not exist because we use `DynamicUser=`.

To address this issue, we no longer change the owner of the file.
Instead, we change the file permissions to 0666 to allow the runner
configuration script (runs with full sandboxing) to read-write the file.
Due to the current permissions of the runtime directory (0755), this
would expose the token. Therefore, we process the tokens in the state
directory, which is only accessible to the service user.

If a new token file exists in the state directory, the configuration
script should trigger a new runner registration. Afterward, it deletes
the new token file. The token is still available using the path of the
current token which is inaccessible within the service's sandbox.
 2021-12-01 16:15:43 +01:00
Bobby Rong 28a115edc4
pantheon.extra-elementary-contracts: drop 2021-12-01 23:00:10 +08:00
bb2020 21a54a4e4c nixos/transmission: adjust message-level enum 2021-12-01 17:55:06 +03:00
Bobby Rong b5038e5127
pantheon.gnome-bluetooth-contract: init at unstable-2021-02-23 2021-12-01 22:42:21 +08:00
Bobby Rong 0a9d1ce156
pantheon.file-roller-contract: init at unstable-2021-02-23 2021-12-01 22:42:21 +08:00
Robert Hensing 0f33d439a7
Merge pull request #140992 from hercules-ci/aarch64-amis 
Add aarch64 AMIs
 2021-12-01 14:48:00 +01:00
Thiago Kenji Okada d5f93fc0d5
Merge pull request #148080 from LibreCybernetics/update-gnome-docs 
gnome: update docs regarding nvidiaWayland
 2021-12-01 10:35:16 -03:00
Martin Weinelt 3070c350e6
Merge pull request #148082 from mweinelt/charybdis-reload 2021-12-01 13:02:11 +01:00
Robert Hensing 8a129f8cf0
Merge pull request #144094 from hercules-ci/nixos-specialisations-use-extendModules 
nixos/specialisation: Rephrase in terms of extendModules, noUserModules
 2021-12-01 11:03:36 +01:00
Maciej Krüger 7a89ee6171
nixos/lxd-image-server: fix logrotate 2021-12-01 08:39:36 +01:00
Martin Weinelt 254dd2a102 nixos/home-assistant: consider extraComponents in hardening 
Previously the extraComponents added to an overriden package would not
have been considered in hardening measures enforced by the module.

Home Assistant is warning the user about component definitions having
moved away from YAML, so using an override to include support for a
component might become the better way moving forward.
 2021-12-01 01:09:52 +01:00
Martin Weinelt 1f726635ee nixos/charybdis: implement reload functionality 
IRC daemons are highly stateful daemons, so allow config changes without
kicking all server and client connections.

Basically a port of 60c62214f5.
 2021-11-30 23:33:34 +01:00
Fabián Heredia Montiel 5bb9d9176d gnome: update docs regarding nvidiaWayland 2021-11-30 15:59:30 -06:00
Ryan Mulligan aa37441c3e nixos/drbd: fix 
- fix environment.etc."drbd.conf"
- don't generate an ExecStart script for just one command
 2021-11-30 21:43:51 +01:00
Sandro 39b1caa278
Merge pull request #146345 from SuperSandro2000/locate-pruneBindMounts 2021-11-30 21:16:25 +01:00
Sandro 06811e74f3
Merge pull request #146533 from SuperSandro2000/nginx 2021-11-30 21:16:09 +01:00
pennae 8072ee22f2 dhcpcd, nixos/dhcpcd: enable privsep 
dhdpcd 9 support privilege separation with a dedicated user and seccomp
filtering. this has been enabled for a while in other distributions as
well.

if the dhcpcd module is not used and the _dhcpcd user/group isn't
definied otherwise dhcpcd will fall back to not using privsep.
 2021-11-30 19:51:45 +01:00
pennae 5269674a6d dhcpcd: 8.1.4 -> 9.4.1 
by @erictapen:

- Removed note about testing and moved it to passthru.tests
- Removed patch, as it is probably the same as
  56b2bb17d2ec67e1f93950944211f6cf8c40e0fb, wich landed in upstream.

other changes:

- changed PIDFile in the module, since dhcpcd 9 changed the location
 2021-11-30 19:51:45 +01:00
Sandro 1841f5f81c
Merge pull request #146336 from SuperSandro2000/locate-fs 2021-11-30 18:06:10 +01:00
Aaron Andersen 1800a86072
Merge pull request #146965 from pmeiyu/webdav 
Add webdav-server-rs
 2021-11-30 12:03:27 -05:00
Jan Tojnar dad4fddd52 nixos/nvidia: check modesetting for gdm-wayland only when gdm is enabled 
Reported in https://github.com/NixOS/nixpkgs/pull/147153#issuecomment-982695772
 2021-11-30 16:06:21 +01:00
Roman Frołow de6181dc51
nixos/acme: fix typo in docs 2021-11-30 21:31:50 +08:00
Vincent Haupert ce81231420 nixos/networkd: add dhcpServerStaticLeaseConfig option 
Add `systemd.network.networks.*.dhcpServerStaticLeaseConfig` to allow
for configuring static DHCP leases through the `[DHCPServerStaticLease]`
section. See systemd.network(5) of systemd 249 for details.

Also adds the NixOS test `systemd-networkd-dhcpserver-static-lease` to
test the assignment of static leases.
 2021-11-30 09:58:33 +01:00
Peng Mei Yu 4abccb5466 nixos/webdav: set uid and gid 2021-11-30 10:19:14 +08:00
Peng Mei Yu ce4ad53e6a nixos/webdav-server-rs: init 2021-11-30 10:19:14 +08:00
Artturi 14d0efe51a
Merge pull request #147939 from NixOS/revert-116290-mar2021-hidpi 2021-11-30 02:50:14 +02:00
Kevin Cox 2b35c41b81
Merge pull request #147153 from LibreCybernetics/enable-nvidia-wayland-on-gdm-by-default 
nixos/gdm: enable nvidiaWayland by default
 2021-11-29 17:15:06 -05:00
Artturi 04a499cdde
Revert "nixos/hidpi: add xserver dpi" 2021-11-29 23:26:46 +02:00
Sandro 61c3243dc7
Merge pull request #113887 from xaverdh/install-grub-editorconfig-fixup 2021-11-29 21:03:41 +01:00
Aaron Andersen a4977db2e8
caddy: include and utilize systemd service from upstream (#147305) 2021-11-29 23:16:25 +09:00
Aaron Andersen f366af7a1b
Merge pull request #136630 from mweinelt/logrotate-hourly 
nixos/logrotate: allow hourly frequency
 2021-11-29 07:42:14 -05:00
Peng Mei Yu 640e54cda9 maintainers: Rename pengmeiyu to pmy 2021-11-29 18:39:31 +08:00
Lucas Savva be952aba1c nixos/acme: Fix rate limiting of selfsigned services 
Closes NixOS/nixpkgs#147348

I was able to reproduce this intermittently in the
test suite during the tests for HTTPd. Adding
StartLimitIntervalSec=0 to disable rate limiting
for these services works fine. I added it anywhere
there was a ConditionPathExists.
 2021-11-29 11:15:31 +01:00
Maciej Krüger e14fadd95c
Merge pull request #147080 from mkg20001/cinstuff 2021-11-29 07:26:02 +01:00
Michele Guerini Rocco af63e81ad9
Merge pull request #147683 from rnhmjoj/pr-monero-cli 
monero: rename to monero-cli
 2021-11-28 16:54:21 +01:00
rnhmjoj 97a3b2af1d
monero: rename to monero-cli 
To make repology.org happy, use the -cli suffix.
 2021-11-28 11:35:14 +01:00
Artturi f62e110ae4
Merge pull request #147323 from Artturin/vmwareguest 2021-11-28 06:56:56 +02:00
Artturi 16eb003524
Merge pull request #146467 from l0b0/test-pam-d-generation 2021-11-27 22:32:46 +02:00
Victor Engmark dcb941f3ed security/pam: Document test location 2021-11-27 20:36:50 +02:00
Michael Weiss 1cfecb636b
Revert "Merge pull request #141192 from helsinki-systems/feat/improved-socket-handling2" 
This reverts commit 57961d2b83, reversing
changes made to b04f913afc.
(I.e. this reverts PR #141192.)

While well-intended, this change does unfortunately introduce very
serious regressions that are especially disruptive/noticeable on desktop
systems (e.g. users of Sway will loose their graphical session when
running "nixos-rebuild switch").

Therefore, this change has to be reverted ASAP instead of trying to fix
it in "production".
Note: An updated version should be extensively discussed, reviewed, and
tested before re-landing this change as an earlier version also had to
be reverted for the exact same issues [0].

Fix: #146727

[0]: https://github.com/NixOS/nixpkgs/pull/73871#issuecomment-559783752
 2021-11-27 17:22:22 +01:00
Dominik Xaver Hörl 0360e03520 nixos/install-grub: fix whitespace 
This time hopefully without changing the generated boot script.
 2021-11-27 10:18:21 +01:00
Dominik Xaver Hörl 19447850a2 Revert "nixos/install-grub: normalize whitespace" 
This morally reverts commit 0e8d7f9b3d.
It made the generated boot script hard to read.
 2021-11-27 10:18:04 +01:00
Maciej Krüger 7aff811292
nixos/cinnamon: add xapps to extra app list 2021-11-27 09:10:58 +01:00
Izorkin 2f66ac01e9
nixos/nginx: disable rejectSSL activation when https is disabled 2021-11-27 09:39:57 +03:00
Izorkin 7376f4e34f
nixos/nginx: tengine requires allowing @ipc calls 2021-11-27 09:39:57 +03:00
Izorkin 78546bbbc5
nixos/nginx: add kTLS option 2021-11-27 09:39:57 +03:00
Thiago Kenji Okada 25cdc0a9c9
Merge pull request #147490 from illdefined/nix-daemon 
modules/nix-daemon: Add missing mk(Rename|Removed)OptionModule
 2021-11-26 19:31:02 -03:00
Thiago Kenji Okada 6f4eab2bd1
Merge pull request #147459 from samueldr/fix/nix-bash-completion-2.4 
Fix bash completion for stable nix-* commands with Nix 2.4
 2021-11-26 10:32:51 -03:00
Mikael Voss 257e92258e
modules/nix-daemon: Add missing mk(Rename|Removed)OptionModule 
Commit 3a92a1a replaced the nix.daemonNiceLevel and nix.daemonIONiceLevel
options. This commit adds appropriate mk(Rename|Removed)OptionModule.
 2021-11-26 13:25:20 +01:00
Samuel Dionne-Riel 8e92630aae nixos: Provide nix-bash-completions again for stable commands 2021-11-26 02:16:56 -05:00
Victor Engmark e0f1682910 nixos/installer: Quote variable references 
See <https://github.com/koalaman/shellcheck/wiki/SC2086>.
 2021-11-26 18:58:08 +13:00
Victor Engmark c9a7385997 nixos/installer: Use -n instead of ! -z 
See <https://github.com/koalaman/shellcheck/wiki/SC2236>.
 2021-11-26 18:55:53 +13:00
Victor Engmark adb8f5c858 nixos/installer: Mark scripts as Bash for ShellCheck 
See <https://github.com/koalaman/shellcheck/wiki/SC2239>.
 2021-11-26 18:54:23 +13:00
Julien Moutinho b84beda44c nixos/transmission: disable downloadDirPermissions by default 2021-11-25 03:48:31 +01:00
Artturin 21585dc683 nixos/vmware-guest: add display-manager to after and 
add ConditionVirtualization

and remove unneeded before and wants which are not in the upstream
package, the wantedBy should be enough
 2021-11-25 04:33:05 +02:00
Sandro fef107d5a5
Merge pull request #142839 from ivan/zsh-autosuggestions-config-async 2021-11-25 00:09:18 +01:00
Poscat 942f57e79b nixos/acme: add an option for reloading systemd services after renewal 2021-11-24 13:50:20 -08:00
Artturi c4851c0d71
Revert msize related commits (#147180) 2021-11-24 02:33:53 +02:00
Fabián Heredia Montiel 539811a4d3 nixos/gdm: enable nvidiaWayland by default 2021-11-23 12:17:05 -06:00
Martin Weinelt 386a1e79eb
nixos/smartctl-exporter: init 2021-11-23 11:30:28 +01:00
Yurii Matsiuk 8e986f6389
nixos/bluetooth: fix bluetooth warnings 2021-11-23 10:54:26 +01:00
sternenseemann 55c7dfade0 nixos/documentation: index devman by default if enabled 
It's quite ridiculous that we currently require manual intervention just
to have devman indexed if dev.enable == true.
 2021-11-22 23:39:42 +01:00
Graham Christensen 6cfd23fa0b nixos-install: support --no-root-password 2021-11-22 22:09:50 +02:00
github-actions[bot] 28641f51dc
Merge master into staging-next 2021-11-22 18:01:08 +00:00
Artturi 859f7617a7
Merge pull request #146964 from Artturin/systemdreadd 2021-11-22 18:17:16 +02:00
Sandro 4eb8b9decd
Merge pull request #143886 from Julow/xmonad-large-closure 2021-11-22 16:26:25 +01:00
Sandro 338bf1f1b2
Merge pull request #143995 from erictapen/systemd-workingdirectory 2021-11-22 16:25:54 +01:00
Rok Garbas e3cd002ada
Merge pull request #145049 from fernsehmuell/patch-1 
add opcache to list of php packages
 2021-11-22 06:15:57 -08:00
Artturin 7f24a5ff35 nixos/systemd: readd dbus-org.freedesktop.login1.service to upstreamSystemUnits 
it was removed in
eb862c48dd (diff-5ea4693beb4bdd8f7efcdd3204ceea67c86f59b3d1c28cde063ddf03e1d20fbfL66)

without this change i get
Failed to list users: Unit dbus-org.freedesktop.login1.service not found.
when i update and rebuild
 2021-11-22 05:59:05 +02:00
Jonathan Ringer 09e494f4c2
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
	pkgs/applications/window-managers/sway/default.nix
 2021-11-21 14:40:40 -08:00
Patrick Hilhorst 5a14b59cd7
Merge pull request #122995 from primeos/sway-install-default-wallpaper 2021-11-21 21:57:49 +01:00
Niklas Hambüchen 0939143e24
Merge pull request #137176 from GoldsteinE/clickhouse-package 
nixos/clickhouse: add package option
 2021-11-21 21:43:58 +01:00
Goldstein 427941d737 nixos/clickhouse: add package option 
Consistent with other services and helps to work around #130101
 2021-11-21 20:29:41 +01:00
Aaron Andersen c9fde80d80
Merge pull request #146445 from GTrunSec/nomad 
nixos/nomad: add flag of plugin-dir
 2021-11-21 13:45:25 -05:00
Aaron Andersen 65bdad3185
Merge pull request #146728 from newAM/sabnzbd-package-option 
nixos/sabnzbd: add package option
 2021-11-21 13:43:16 -05:00
ajs124 5816eb198f
Merge pull request #141833 from poscat0x04/dovecot-quota-backend 
nixos/dovecot: use the count backend for quota plugin
 2021-11-21 19:37:08 +01:00